On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose sbose@redhat.com wrote:
On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote:
I have 300 out of 3000 users whose /home/<username> dir shows uid and gid instead of username and groupname.
It seems to be behaving like a bug
As soon as I become a user with `sudo su - username' the uid of the home dir changes to username but gid still does not change to groupname.
I also get an error message, but still successfully become that user
$ ls -ld /home/mbniels
drwx------. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels
$ su - mbniels
Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39
/usr/bin/id: cannot find name for group ID 80974
groups: cannot find name for group ID 80974
$ ls -ld /home/mbniels
drwx------. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels
Then to check the groups of username I get another error which then gets cleared by next command.
$ groups mbniels
mbniels : groups: cannot find name for group ID 80974
80974 users
$ getent group mbniels
mbniels:*:80974
$ groups mbniels
mbniels : mbniels users
It also fixes the gid to groupname
$ ls -ld /home/mbniels/
drwx------. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/
I noticed it reverts after maybe within half an hour, not exactly sure when.
Almost behaves like `quantum entanglement'. As soon as I try to check by trying to become that user the issue disappears.
This is not just a cosmetic issue: when the home dir shows ownership with uid, instead of username, the user fails some commands.
We just started noticing today, since we just built this box only a few months ago and users are being invited to start using this server.
Some annoying error it is showing like below and user then fails to ssh
$ ssh remote
No user exists for uid 80974
I am using centos 7 and sssd 1.15.2
$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
$ sssd --version
1.15.2
Here are some relevant logs https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA
It looks like you are not using a plain RFC2307bis LDAP schema. Can you send your sssd.conf and a typical LDAP user and group object?
bye, Sumit
I am using rfc2307bis
Here is the sssd.conf (sanitized)
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss,pam,sudo
domains = LDAP

[nss]
reconnection_retries = 3
filter_groups = root,wheel
filter_users = root

[pam]
reconnection_retries = 3
offline_credentials_expiration = 0
pam_verbosity = 3

[sudo]

[domain/LDAP]
chpass_provider = ldap
access_provider = ldap
id_provider = ldap
case_sensitive = False
ldap_schema = rfc2307bis
ldap_search_base = ou=People,dc=example,dc=com
ldap_uri = ldaps://192.168.1.100, ldaps://192.168.1.101
ldap_access_order = filter
ldap_access_filter = (&(objectClass=mnetPerson)(nationnumber=USA))
ldap_user_uid_number = mnetid
ldap_user_gid_number = mnetid
ldap_group_gid_number = mnetid
ldap_group_object_class = inetOrgPerson
ldap_user_object_class = mnetPerson
ldap_user_fullname = uid
ldap_group_name = uid
ldap_network_timeout = 3
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/ssl/certs/hostca.cer
ldap_chpass_update_last_change = true
ldap_pwd_policy = none
ldap_account_expire_policy = none
ldap_default_authtok_type = password
ldap_default_bind_dn = uid=binduid,ou=people,dc=example,dc=com
ldap_default_authtok = secretsanitized

auth_provider = ldap

krb5_server = 192.168.1.102:88, 192.168.1.103:88
krb5_backup_server = 192.168.1.102
krb5_realm = IT.INTRANET
krb5_auth_timeout = 15

cache_credentials = true
default_shell = /bin/bash
override_homedir = /home/%u
Appreciate any help
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
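
An added example, not part of the original post and not SSSD code: a Python script that lists the home directories whose owner uid or gid has no name when looked up by ID, the kind of lookup behind the ls, id and ssh output above. The function names audit_homes and resolves are made up for this example, and it assumes each directory is named after its user, as override_homedir = /home/%u in the posted sssd.conf implies.

```python
#!/usr/bin/env python3
"""Report home directories whose owner uid/gid has no name via NSS."""
import grp
import os
import pwd
import sys


def resolves(lookup, key):
    """True if the NSS lookup returns an entry, False if it raises KeyError."""
    try:
        lookup(key)
        return True
    except KeyError:
        return False


def audit_homes(base="/home", getpwuid=pwd.getpwuid, getgrgid=grp.getgrgid,
                getpwnam=pwd.getpwnam):
    """Return one dict per directory under base with a failed by-ID lookup."""
    findings = []
    for entry in sorted(os.scandir(base), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        # By-ID lookups first: the same direction ls and id resolve in.
        uid_ok = resolves(getpwuid, st.st_uid)
        gid_ok = resolves(getgrgid, st.st_gid)
        if uid_ok and gid_ok:
            continue
        findings.append({
            "path": entry.path, "uid": st.st_uid, "gid": st.st_gid,
            "uid_resolves": uid_ok, "gid_resolves": gid_ok,
            # By-name lookup last, because in the post a by-name query
            # changed what the by-ID lookups returned afterwards.
            # Assumption: the directory name is the username.
            "name_resolves": resolves(getpwnam, entry.name),
        })
    return findings


if __name__ == "__main__":
    for f in audit_homes(sys.argv[1] if len(sys.argv) > 1 else "/home"):
        print("{path} uid={uid} ({uid_resolves}) gid={gid} ({gid_resolves}) "
              "by-name={name_resolves}".format(**f))
```

Running it twice in a row and comparing the two lists shows which entries started resolving only after the by-name lookup in the first pass.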
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org